I am trying to connect MF OO and Office 365 (Azure).
I have created application on Azure Portal, I have asked for API permission (Microsoft Graph – Delegated – Mail. Read, User.Read, Mail.Read.Shared, email, opened, profile) and Administrator granted permissions.
In workflow in Get Authorization Step I have loginAuthotrity = https://login.microsoftonline.com/(tenantId)/oauth2/v2.0/token; resource = https://graph.microsoft.com; loginType = API, clientId, ClientSecret and webproxy populated. I have put result to variable and i can see token in varaible. Next step is Get Message with all inputs populated and token from varible (first step).
When I run workflow I have error on second step “NoPermissionsInAccessToken” with “The token contains no permissions, or permissions can not be understood.”
In order to be able to use delegated permissions there should be a way for the user to register as a logged in user. Mobile apps or websites can do this since the mechanism for becoming a logged in user is a web page of sorts where the user can enter Microsoft credentials. There is no way for OO to display this page and there is no way to register as a logged in user via the API or a library. In order to authenticate, the Office 365 content makes use of tokens obtained from Azure Active Directory, specific for the web or native application that you created. This is the reason why Application Rights are required.
Please put the Get Message input values in a table and share them. You can replace any sensitive data with garbled characters.
It's very easy to provide wrong values, the Graph API is convoluted.
tnx for help.
since Get Message is complicated i have replaced it with List Messages.
i have three inputs:
If the access rights have been defined in the Azure Portal, like in the example screen bellow, and the Grant Permissions button has been pressed after the rights were assigned then the only possible explanation is a typo somewhere. Please also show the inputs given to the Generate Auth Token operation.
my azure permissions. i have asked for MS Graph rights and i see in your picture Office 365 Exchange Online grants. is this source of my problems?
Technically Mail.Read rights an be found in both Exchange Online and Graph APIs, this is Microsoft's way of being ambiguous. I'm looking at our internal apps and it looks like we managed to use both of them with success, but in order o eliminate variations can you also assign Exchange Mail.Read rights?
i have added legacy exchange rights.
no luck. still the same error.
do i need to wait for some time?
i dont have Office 365 Exchange Online to choose. only this legacy Exchange.
This is how the rights look for me in the new and "improved" management page. Looks like Exchange online is now Exchange.
it says tath admin consent is not required. i have assked for admin consent for Graph APi permission and our admin gave grants.
my input for Get Authorization is sam as yours in post about documentation except for loginAuhority where i use https://login.microsoftonline.com/(tenantID)/oauth2/v2.0/token. i tried with yours version https://login.windows.net/tenantID/oauth2/token but i got sam error
Maybe MF OO is only working with Legacy API and i have to get admin consent for this new permission?
Person who is granting permission is on vacation. She will be back in 10 days.
so for now i have to wait and focus on other tasks.
tnx for help
i will post result when i get consent for legacy API.